diff options
Diffstat (limited to 'src/routes')
| -rw-r--r-- | src/routes/model.rs | 2 |
1 files changed, 2 insertions, 0 deletions
diff --git a/src/routes/model.rs b/src/routes/model.rs index 7a98c56..9242c31 100644 --- a/src/routes/model.rs +++ b/src/routes/model.rs @@ -138,6 +138,8 @@ async fn upload_model_file( } }; + let user = User::find_by_id(claims.user_id).await?; + if !(model.author_id() == user.id || user.is_staff.unwrap()) { return Err(AppError::Unauthorized); } |